DETAILED ACTION 

CLAIMS PRESENTED 

Claims 1-24 are presented. 

CLAIM OBJECTIONS 

Claim Objections 

1. Claim 23 is objected to because of the following informalities: said claim recites that the 
apparatus further comprises a switch or a router or a virtualization device. As the claim currently stands, 
it depends on claim 22, which specifically recites that the apparatus does not comprise of a switch or a 
router or a virtualization device. Examiner interprets this as an error in claim numbering. For purposes of 
examination, examiner interprets this claim to be dependent on claim 14 rather than claim 22. 
Appropriate correction is required. 

CLAIM REJECTIONS 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1. Claims 6 and 17 recite the limitation "the fiber channel" in claims 1 and 14. There is insufficient 
antecedent basis for this limitation in the claim. For purposes of examination, examiner interprets the 
claim to read as such: "a fiber channel." 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 



Application/Control Number: 10/686,550 
Art Unit: 2136 






A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-2, 4, 8-13, and 24 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Chow, US PGP No. 20020126672. 
As per claim 1, Chow teaches: 

Apparatus for security applications, the apparatus comprising: 

an interface coupled to a storage network, the interface being adapted to receive a frame from the 
storage network; 

[see fig. 2, element 208] 
a classifier coupled to the interface, the classifier being adapted to determine an information type 
associated with the frame, the type being an initiator, data, or terminator, the classifier being adapted to 
determine header information associated with the frame; and 

[see fig. 2, element 210] 
a content addressable memory coupled to the classifier. 

[see fig. 2, element 216] 
As per claim 2, Chow teaches: 

Apparatus of claim 1 wherein the content addressable memory comprises a rule portion and a flow 
portion, the rule portion being adapted to determine header information and command information from 
the initiator frame and the flow portion being adapted to provide a flow based upon the header 
information. 

[see paragraph 0052] "Using the search key generated by the method described herein, a lookup 
or search is done on the classification database contained in the CAM (arrow 826). The resulting 
content address or entry address 218 (FIG. 2), matching the search key 214 (FIG. 2), obtained 
from the classification database in CAM 806 is then used to perform a memory read into an 
associated memory 814 (arrow 828), to determine the policy of the packet received as well as the 
treatment of that packet, as shown by the arrow 826. Depending on the policy received from the 
CAM controlling hardware 804 and the packet information retrieved from packet memory 810, the 
egress manager 812 performs some policy action (e.g., metering and shaping, quality of service 
provisions, packet counting and billing actions, DSCP remarking, CPU actions, etc.), as dictated 
in the action content database, and sends out the resulting packet 834 to the appropriate network 
(or receiving port). " 

As per claim 4, Chow teaches: 

Apparatus of claim 1 wherein the initiator determines a read or a write process. 

[see paragraph 44] "The packet parser 504 also reads the incoming packet 208 to determine the 
type and structure of such packet" 

As per claim 8, Chow teaches: 

Apparatus of claim 1 wherein the classifier is provided on an integrated circuit chip. 
[see fig. 8, element 802] 

As per claim 9, Chow teaches: 

Apparatus of claim 1 wherein the classifier is adapted to maintain wire speed operation while determining 
the information type and header information associated with the frame. 

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields, 
thereby providing a router with reconfigurable classification functions, without any complex 
programming. This would reduce the cost of replacing routers, allow routers to be placed 
anywhere within the Internet topology, and allow routers to simultaneously meet different market 
requirements." 

As per claim 10, Chow teaches: 

Apparatus of claim 1 further comprising a flow context random access memory coupled to the classifier, 
the flow context random access memory being adapted to store a policy based upon a flow, the flow 
being associated with the header information. 
[see fig. 2, element 220] 

As per claim 11, Chow teaches: 

Apparatus of claim 1 wherein the classifier is used in determining access controls to target volumes & 
partitions. 
[see paragraph 53] "Once the intelligent software 904 is loaded and executed, the user is 
provided with an interface enabling such user to define a set of selection criteria. Another 
embodiment, not illustrated in the figure, is wherein the user 902 has access to the intelligent 
software, but such software is not directly contained in the user's computer (e.g., software 
contained in a network computer). The intelligent software may be written in a programming 
language, such as C, C++, and the like. Various configurations on how such intelligent software 
may be deployed and implemented are known in the art, " 



As per claim 12, Chow teaches: 

Apparatus of claim 1 wherein the classifier is used in allowing access to specific targets only to 
authenticated hosts and, in some scenarios applications running on the hosts. 

[see above rejection of claim 11, "access to the intelligent software"] 



As per claim 13, Chow teaches: 

Apparatus of claim 1 wherein the apparatus is operable in a NULL port in a storage area network. 

[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet. For example, an Internet Service Provider router that needs to perform packet filtering, 
policy routing, accounting and billing, traffic rate limiting, and traffic shaping may use the present 
invention to access certain fields from the incoming packet information, notably, the destination 
IP, source IP, destination L4 port number, source L4 port number, and protocol." 



As per claim 24, Chow teaches: 

A method for security applications for storage area networks, the method comprising: 
receiving one or more frames at a security apparatus from a storage area network device through a fibre 
channel, the storage area network device being operated by client device, the client device being coupled 
to the storage area network device; 

[see fig. 2, element 208] 
determining a frame type of the one or more frames at the security apparatus; 

[see fig. 2, element 210] 
creating a flow process through one or more processors if the frame type of an initiator frame; 

[see fig. 2, element 216] 
processing one or more subsequent frames associated with the flow process through the one or more 
processors at wire speed; 

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields, 
thereby providing a router with reconfigurable classification functions, without any complex 
programming. This would reduce the cost of replacing routers, allow routers to be placed 
anywhere within the Internet topology, and allow routers to simultaneously meet different market 
requirements." 

whereupon the processing is substantially transparent to a user of the client device. 

[see paragraph 37, wherein the system administrator configures the system but the processing is 
implemented by the system and is essentially transparent to the user] 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 3, 5-7, 14-21, and 22-23, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chow, and further in view of Amara, US Patent No. 6,674,743. 

As per claim 3: 

Chow teaches: 

Apparatus of claim 1 further comprising: 

a central processing unit coupled to the classifier; 

[see fig. 10, element 1002] 
an action processor coupled to the central processing unit; 

[see fig. 2, element 220] 

a security action processor SAP processor coupled to the central processing unit, the SAP being adapted 
to process data block by block; and 
[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet." 

Chow does not teach: 

an encryption/decryption processor coupled the security action processor, the encryption/decryption 
processor being adapted to encrypt/decrypt the data block by block. 

Amara teaches a packet forwarding apparatus that comprises the above limitation not taught by Chow. 

[see col 5, lines 16-20] "Policy engine 126 applies a policy to the internal packets. Specifically, 
policy engine 126 examines one or more selector fields present in the internal packets. Typical 
selector fields include the source address, destination address, source port, destination port, and 
protocol type. Policy engine 126 also applies a set of rules specifying the manner in which a 
given packet should be handled if the selector fields of the given packet match certain predefined 
criteria. Such handling can include without limitation dropping the packet, logging the packet, 
encrypting or decrypting the packet." 

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify the 
Chow invention to include the encryption/decryption taught by Amara in order to secure data coming in 
and going out of the system. 

As per claim 14: 
Chow teaches: 

Apparatus for security applications of storage area networks, the apparatus comprising: 

an interface coupled to a storage network, the interface being adapted to receive a frame from the 
storage network; 

[see fig. 2, element 208] 
a classifier coupled to the interface, the classifier being adapted to determine an information type 
associated with the frame, the type being an initiator, data, or terminator, the classifier being adapted to 
determine header information associated with the frame; and 

[see fig. 2, element 210] 

a content addressable memory coupled to the classifier, the content addressable memory comprises a 
rule portion and a flow portion, the rule portion being adapted to determine header information and 
command information from the initiator frame and the flow portion being adapted to provide a flow based 
upon the header information; 

[see fig. 2, element 216] 
a central processing unit coupled to the classifier; 

[see fig. 10, element 1002] 
an action processor coupled to the central processing unit; 

[see fig. 2, element 220] 

a security action processor SAP processor coupled to the central processing unit, the SAP being adapted 
to process data block by block; and 

[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet." 

Chow does not teach: 

an encryption/decryption processor coupled the security action processor, the encryption/decryption 
processor being adapted to encrypt/decrypt the data block by block. 

Amara teaches a packet forwarding apparatus that comprises the above limitation not taught by Chow. 

[see col 5, lines 16-20] "Policy engine 126 applies a policy to the internal packets. Specifically, 
policy engine 126 examines one or more selector fields present in the internal packets. Typical 
selector fields include the source address, destination address, source port, destination port, and 
protocol type. Policy engine 126 also applies a set of rules specifying the manner in which a 
given packet should be handled if the selector fields of the given packet match certain predefined 
criteria. Such handling can include without limitation dropping the packet, logging the packet, 
encrypting or decrypting the packet." 

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify the 
Chow invention to include the encryption/decryption taught by Amara in order to secure data coming in 
and going out of the system. 

As per claim 15, Chow teaches: 

Apparatus of claim 14 wherein the initiator determines a read or a write process. 

[see paragraph 44] "The packet parser 504 also reads the incoming packet 208 to determine the type and 
structure of such packet" 

As per claim 19, Chow teaches: 

Apparatus of claim 14 wherein the classifier is provided on an integrated circuit chip. 
[see fig. 8, element 802] 

As per claim 20, Chow teaches: 

Apparatus of claim 14 wherein the classifier is adapted to maintain wire speed operation while 
determining the information type and header information associated with the frame. 

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields, 
thereby providing a router with reconfigurable classification functions, without any complex 
programming. This would reduce the cost of replacing routers, allow routers to be placed 
anywhere within the Internet topology, and allow routers to simultaneously meet different market 
requirements." 

As per claim 21, Chow teaches: 

Apparatus of claim 14 further comprising a flow context random access memory coupled to the classifier, 
the flow context random access memory being adapted to store a policy based upon a flow, the flow 
being associated with the header information. 
[see fig. 2, element 220] 

As per claims 5 and 16: 

Apparatus of claim 1 wherein the content addressable memory comprises at least two MBit. 

Applicant does not disclose within the specification as to what size the content addressable 
memory may comprise. Examiner interprets this as merely a matter of design choice. 

As per claims 6, 7, 17, and 18: 

The Chow and Amara references have been discussed above. They do not specifically cite that the 
interface is adapted to receive the frame through a fiber channel in a SCSI format. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to add to the Chow and 
Amara inventions in order to receive frames through a fiber channel in a SCSI format because fiber 
channels increase the distance in which frames can travel and SCSI frames can be transported at higher 
speeds. 

As per claim 22: 

Apparatus of claim 14 wherein the apparatus is not a switch or a router or a virtualization device. 

[see fig. 2] 
As per claim 23: 

Apparatus of claim 22 wherein the apparatus further comprises a switch or a router or a virtualization 
device. 

[see fig. 2, element 204] 

CONCLUSION 

The art made of record and not relied upon is considered pertinent to applicant's disclosure. 

POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Daniel L. Hoang 
3/22/07 



